In this course, we shall be discussing Amazon Elastic Load Balancers (ELBs) and how ELBs integrate with other AWS services to help provide high availability, improve performance, and increase security for your applications.
Learning Objectives
By the end of this course, you will have a greater understanding of:
- ELB's integrations with key AWS services
- ELB's importance to Amazon Kubernetes
Intended Audience
Anyone working with AWS Networking will benefit from this course, particularly if you are:
- Studying for the AWS Networking Specialty certification
- Studying for the AWS Solutions Architect certifications
If you are looking to increase your AWS knowledge, this course is for you.
Prerequisites
Before attending this course, you should be familiar with Amazon ELB, including the different ELB types and how they are configured. Experience with AWS services such as CloudFront, WAF, and Global Accelerator is also desirable but not required.
For more information on these services, please see our existing courses:
- Using Elastic Load Balancing & EC2 Auto Scaling to support AWS workloads
- Introduction to DNS & Content Delivery on AWS
- Protecting your Web Apps against common exploits using AWS WAF
- AWS Networking features essential for a solutions architect
- Using Amazon Route 53 to route end users to internet applications
Throughout this course, we will be building on a basic ELB integration that our customer ACME has already deployed. ACME has deployed two EC2 instances in two availability zones within a single VPC, and each instance runs a copy of ACME's website. Right now, they use a single AWS region, eu-west-2. To make their deployment highly available, they have deployed an application load balancer whose target group includes the two EC2 instances.
In addition, they now need to integrate their load balancer with Route 53. ACME has already configured a public hosted zone in Route 53 to resolve their website's domain name to the public IP addresses of their EC2 instances. They now want to resolve their domain name to the public name of the application load balancer. To do this, they need to create an Alias record. Alias records map friendly names to the names of AWS resources such as load balancers. Alias records are similar to CNAME records but are more efficient when both the zone and the resource are hosted in AWS. Here's an example of a Route 53 Alias record. Notice how we have mapped www to the name of the load balancer.
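The alias record described above, built as a Route 53 change batch from a load balancer description. This is an added example, not part of the original course; the load balancer name, DNS name and hosted zone ID are constructed placeholders, and `alias_change_batch` is a hypothetical helper.

```python
# Constructed sample data, shaped like one entry of the ELBv2
# DescribeLoadBalancers response. None of these values are real.
SAMPLE_ALB = {
    "LoadBalancerName": "acme-web",
    "DNSName": "acme-web-1234567890.eu-west-2.elb.amazonaws.com",
    "CanonicalHostedZoneId": "ZEXAMPLEELBZONE",  # placeholder zone ID
    "IpAddressType": "dualstack",
}


def fqdn(name):
    """Normalise a DNS name to lower case with a single trailing dot."""
    return name.strip().lower().rstrip(".") + "."


def alias_change_batch(record_name, zone_name, lb, evaluate_health=True):
    """Return a ChangeBatch that points record_name at the load balancer."""
    record, zone = fqdn(record_name), fqdn(zone_name)
    # Refuse names outside the hosted zone (for example notacme.com).
    if record != zone and not record.endswith("." + zone):
        raise ValueError(f"{record} is not inside hosted zone {zone}")
    # The alias target carries the load balancer's own hosted zone ID,
    # not the ID of the zone that holds the record.
    target = {
        "HostedZoneId": lb["CanonicalHostedZoneId"],
        "DNSName": fqdn(lb["DNSName"]),
        "EvaluateTargetHealth": evaluate_health,
    }
    # A dual-stack load balancer also needs an AAAA alias for IPv6 clients.
    types = ["A", "AAAA"] if lb.get("IpAddressType") == "dualstack" else ["A"]
    return {
        "Comment": f"Alias {record} to {lb['LoadBalancerName']}",
        "Changes": [
            {"Action": "UPSERT",
             "ResourceRecordSet": {"Name": record, "Type": t,
                                   "AliasTarget": dict(target)}}
            for t in types
        ],
    }


if __name__ == "__main__":
    import json
    batch = alias_change_batch("www.acme.com", "acme.com", SAMPLE_ALB)
    print(json.dumps(batch, indent=2))
```

The returned dictionary has the shape that the Route 53 `ChangeResourceRecordSets` call takes as its `ChangeBatch` parameter.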
Most websites that you visit today use HTTPS to secure communication between your device and the web server hosting the website. To use HTTPS, you need to obtain a digital certificate and install it on your web servers or load balancers. The web server or load balancer will then be responsible for data encryption and decryption. When using AWS, we can obtain digital certificates for free from Amazon Certificate Manager (ACM). Amazon Certificate Manager is a regional service. If you need a certificate for your ELB in eu-west-2, then you should use ACM in the eu-west-2 region. To integrate your ELB with ACM, you request a certificate from ACM. The certificate should contain the names that you need to associate with your website. Here's an example of a certificate request for www.acme.com. Notice that this is a public certificate, so it'll be trusted by browsers, and that we've included the names to be used with the certificate.
You can add multiple names. We then have to validate the certificate to prove we own the domain name, using either DNS validation or email validation. Once the certificate is valid, it's available for use in the selected region. Once the certificate is issued, you can use it with AWS resources in the same region. When using ELB, this means adding a secure listener to your ELB. Here we have an example of an ELB with an HTTP listener. If you select add listener, you can run through the wizard to create a secure listener that will use a certificate you've requested from ACM. Now, HTTPS can be used to access your website, but instead of the web servers being used to encrypt and decrypt data, this work is offloaded to the ELB, freeing up resources on your web servers. If you want to enforce HTTPS access, you can remove the HTTP listener.
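A check for the two listener points made above: ACM certificates are regional, and an HTTP listener left in place still serves clear-text traffic. This is an added example, not part of the original course; the account ID, ARNs and `audit_listeners` are constructed for illustration, and accepting an HTTP listener that only redirects to HTTPS is an assumption that goes beyond the removal the course describes.

```python
# Constructed sample data shaped like the ELBv2 DescribeListeners response.
ACCOUNT = "123456789012"  # constructed account ID
LISTENER = f"arn:aws:elasticloadbalancing:eu-west-2:{ACCOUNT}:listener/app/acme-web/0123"
SAMPLE_LISTENERS = [
    {"ListenerArn": LISTENER + "/aaaa", "Protocol": "HTTP", "Port": 80,
     "DefaultActions": [{"Type": "forward"}]},
    {"ListenerArn": LISTENER + "/bbbb", "Protocol": "HTTPS", "Port": 443,
     "Certificates": [{"CertificateArn":
                       f"arn:aws:acm:us-east-1:{ACCOUNT}:certificate/constructed-id"}],
     "DefaultActions": [{"Type": "forward"}]},
]


def redirects_to_https(listener):
    """True if a default action of the listener redirects to HTTPS."""
    return any(
        action.get("Type") == "redirect"
        and action.get("RedirectConfig", {}).get("Protocol") == "HTTPS"
        for action in listener.get("DefaultActions", [])
    )


def audit_listeners(listeners):
    """Return a list of findings for one load balancer's listeners."""
    findings = []
    if not any(l["Protocol"] == "HTTPS" for l in listeners):
        findings.append("no HTTPS listener configured")
    for l in listeners:
        port = l["Port"]
        lb_region = l["ListenerArn"].split(":")[3]  # ARN field 3 is the region
        if l["Protocol"] == "HTTP" and not redirects_to_https(l):
            findings.append(f"port {port}: HTTP listener serves clear-text traffic")
        if l["Protocol"] == "HTTPS":
            certs = l.get("Certificates", [])
            if not certs:
                findings.append(f"port {port}: HTTPS listener has no certificate")
            for cert in certs:
                parts = cert["CertificateArn"].split(":")
                # Only ACM ARNs carry a region that must match the listener's.
                if parts[2] == "acm" and parts[3] != lb_region:
                    findings.append(
                        f"port {port}: ACM certificate is in {parts[3]}, "
                        f"listener is in {lb_region}")
    return findings


if __name__ == "__main__":
    for finding in audit_listeners(SAMPLE_LISTENERS):
        print(finding)
```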
Mike has worked in IT since 1997, specializing in networking, storage, and architecture. He's been in cloud computing for the last 8 years, working across several cloud platforms but specializing in AWS. He's been involved in many cloud projects over the years covering migrations, hybrid connectivity, security optimization, networking, and storage architecture.
He gained his first training qualification in 1998 and, about 3 years ago, became an AWS Authorized Champion Instructor. He's delivered AWS cloud courses across Europe for a range of clients, with a focus on Architecture, Security, and Networking. He currently holds certifications for the four biggest cloud vendors, including the AWS Solutions Architect Professional, AWS DevOps Engineer, and AWS Advanced Networking specialty certifications.
He lives in the North of England with his wife Frances and their dog Inca.